从 MYSQL 数据库中检索后,PHP 中的哈希密码不是字符串 [英] Hash Password in PHP not a string after retrieval from MYSQL database
问题描述
我有登录部分的密码,它使用 $hash = password_hash($password, PASSWORD_DEFAULT);
I have the password for the login part, which uses $hash = password_hash($password, PASSWORD_DEFAULT);
密码以散列形式存储在数据库中,$2y$10$CaQON5WOEHcla58aBoIRKOmyYLBwtDHKFqk81y25.EGvjBqlF0W1W
The password is stored in the database as a hash, $2y$10$CaQON5WOEHcla58aBoIRKOmyYLBwtDHKFqk81y25.EGvjBqlF0W1W
我在登录页面上查询数据库并检查用户电子邮件是否在数据库中.
I query the database on the login page and check that the user email is in the database, which it is.
如果我使用的查询有效,我已经检查了 MySQL 工作台,它返回的密码很好.
I have checked in MySQL workbench if the query I used works, and it returns the password fine.
但是,当我尝试在数据库中查询密码并将其分配给变量时,在回显变量不是字符串时出现错误.
However, when I try to query the database for the password and assign it to a variable, I get an error when echoing that the variable is not a string.
我试过 $verify = password_verify($password, $hash); 但是,我也得到的错误是参数 2 必须是一个字符串.
I've tried $verify = password_verify($password, $hash); however, the error I also get is parameter 2 must be a string.
那么为什么我得到后该值不是字符串呢?以及如何检索正确的值?
So why is the value not a string after I get it? and how do I retrieve the correct value?
这是我的查询:
$sql_e2 = "SELECT password FROM users WHERE email='$email'";
$hash = mysqli_query($mysqli, $sql_e2);
谢谢
推荐答案
我完成了现在工作和测试的工作&非工作帐户.
I finished putting together what is now working and tested against working & non working accounts.
//query SQL for password
$sql_e2 = $mysqli->prepare("SELECT password FROM users WHERE email = ?");
$sql_e2->bind_param("s", $email);
$sql_e2->execute();
$result = $sql_e2->get_result();
//fetch row from result and assign value
$row = mysqli_fetch_row($result);
$hash = $row[0] ?? false;
// Print the result depending if they match
if (password_verify($password, $hash)) {
echo 'Password Verified!';
} else {
echo 'Incorrect Password!';
}
谢谢各位指点.
这篇关于从 MYSQL 数据库中检索后,PHP 中的哈希密码不是字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
